Resource Exhaustion Vulnerability in elixir-tesla Tesla by Elixir
CVE-2026-48597

8.2 HIGH

Key Information:

Status
Vendor
CVE Published: 2 June 2026

What is CVE-2026-48597?

The elixir-tesla Tesla library contains a vulnerability that lets an attacker who can influence outgoing request URLs exhaust the atom table. Tesla converts URL schemes into BEAM atoms without validation, so repeated requests can fill the atom table to capacity. Once the atom table reaches its limit, the Elixir VM is rendered inoperable, resulting in a denial of service for applications using affected versions of Tesla. The risk is particularly significant for systems that rely on URL forwarding features or follow redirect responses.
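An application-side guard for the condition described above, as an added example that is not Tesla's code or its upstream fix: it checks the scheme as a string against a fixed allowlist, so no caller-supplied value reaches atom conversion, and it reads atom table usage for alerting. The module name `SchemeGuard`, the HTTP(S)-only allowlist and the `example.invalid` URLs are assumptions constructed for illustration.

```elixir
defmodule SchemeGuard do
  @moduledoc """
  Added example (not Tesla's code): validate a URL's scheme as a string
  before the URL is handed to an HTTP client.
  """

  # Assumption: the application only needs outbound HTTP(S).
  # These atoms exist at compile time, so lookups never create new ones.
  @allowed %{"http" => :http, "https" => :https}

  @doc "Returns {:ok, scheme_atom, url} or {:error, reason}. Never creates atoms."
  def check(url) when is_binary(url) do
    case URI.parse(url) do
      %URI{scheme: scheme, host: host}
      when is_binary(scheme) and is_binary(host) and host != "" ->
        case Map.fetch(@allowed, String.downcase(scheme)) do
          {:ok, atom} -> {:ok, atom, url}
          :error -> {:error, {:scheme_not_allowed, scheme}}
        end

      _ ->
        {:error, :not_an_absolute_url}
    end
  end

  @doc "Fraction of the atom table in use, suitable as a telemetry gauge."
  def atom_usage do
    :erlang.system_info(:atom_count) / :erlang.system_info(:atom_limit)
  end
end

# Constructed sample input: 1,000 URLs, each with a different scheme.
urls = for i <- 1..1_000, do: "x#{i}://example.invalid/"

# Warm-up call so module loading does not skew the atom count below.
{:ok, :https, _} = SchemeGuard.check("HTTPS://example.invalid/path")

before = :erlang.system_info(:atom_count)
results = Enum.map(urls, &SchemeGuard.check/1)
after_count = :erlang.system_info(:atom_count)

# Every constructed URL is rejected on its scheme string alone.
true = Enum.all?(results, &match?({:error, {:scheme_not_allowed, _}}, &1))
IO.puts("atoms added while rejecting 1000 schemes: #{after_count - before}")
IO.puts("atom table usage: #{Float.round(SchemeGuard.atom_usage() * 100, 2)}%")
```

The same check applies to redirect targets and forwarded URLs, since the page names both as exposure paths.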

Affected Version(s)

tesla 1.3.0 < 1.18.3

tesla ccd0823d4ba37581a37d8f6108f9a81b263237ef < 4699c3cb3e2fd6078f99f45f11cf7466aeedbf0e

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Ullrich
Yordis Prieto
Jonatan Männchen